OpenAI Restricts GPT-5.5 Cyber to 'Trusted Defenders' — Mirroring Anthropic's Mythos Access Model

What is it?

GPT-5.5 Cyber is a specialised build of OpenAI's GPT-5.5 flagship aimed at offensive-security workflows: penetration testing, vulnerability identification and exploitation, and malware reverse engineering. The GPT-5.5 system card classifies its cyber capability as 'High' — strong enough that OpenAI is no longer comfortable shipping the unrestricted version through the standard API, and is instead distributing it through a new Trusted Access for Cyber (TAC) program.

How does it work?

Defenders apply via openai.com with credentials and a planned use case. Approved customers — government agencies, critical-infrastructure operators, security vendors, cloud platforms, and financial institutions — receive an identity-gated build with fewer cyber safeguards. Standard API users keep the safety-tuned GPT-5.5; only TAC participants get the permissive build cleared for end-to-end cyber operations and exploit chaining. OpenAI says it will scale defensive access and safeguards together as model capability grows.

Why does it matter?

It's the first time OpenAI has gated a frontier capability behind an identity-checked program — exactly the model Anthropic uses for Claude Mythos and one Sam Altman called 'fear-based marketing' weeks ago. The reversal sets up a two-tier cyber API: vetted defenders move faster, public users sit behind tighter rails. It also tests whether 'trusted' actually keeps offensive use out, given Mythos already leaked to an unauthorised group.

Who is it for?

SOC teams, security vendors, government cyber defenders, AI policy watchers.

Try it

Application form linked from the OpenAI Trusted Access for Cyber announcement page.

Tags

• openai
• gpt-5-5
• gpt-5-5-cyber
• cybersecurity
• trusted-access
• agentic-vulnerability-research
• access-policy
• sam-altman
• anthropic-mythos